author | friendica <info@friendica.com> | 2014-03-16 20:34:21 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-03-16 20:34:21 -0700 |
commit | ecb2e52a7411a8a39b8030964604f0f28f2facce (patch) | |
tree | bbe36d04ddb359002cc0aa6976dd6a2c34d73747 /include/bbcode.php | |
parent | 6f9fde997bd0d6c59045220a1afc2060b857c83a (diff) | |
little fixes of hopefully nil significance
Diffstat (limited to 'include/bbcode.php')
-rw-r--r-- | include/bbcode.php | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/include/bbcode.php b/include/bbcode.php
index cd0bf527e..c8d1ab425 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -229,9 +229,12 @@ function bb_location($match) {
 function bbiframe($match) {
 $a = get_app();
- if(strpos($match[1],get_app()->get_hostname()))
- return '<a href="' . $match[1] . '">' . $match[1] . '</a>';
- return '<iframe src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
+
+ // use sandbox mode to prevent malicious goings on rather than host restriction
+ // if(strpos($match[1],get_app()->get_hostname()))
+ // return '<a href="' . $match[1] . '">' . $match[1] . '</a>';
+
+ return '<iframe sandbox="allow-same-origin allow-top-navigation" src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
 }
 function bb_ShareAttributesSimple($match) { |
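Review bot: The new `sandbox="allow-same-origin allow-top-navigation"` value in `bbiframe()` still lets the framed document replace the top-level page, and with the host check commented out the post author alone decides which URL is framed, including one on the hub's own host. Unless an embed is known to need it, I would drop that token and keep only `sandbox="allow-same-origin"`. A comment should also warn against ever adding `allow-scripts` next to `allow-same-origin`, because for same-host content that pair lets the frame remove its own sandbox. Separately, `$match[1]` is concatenated into `src`, `href` and the link text as-is; the calling pattern is outside this hunk, so if it does not already exclude quotes and angle brackets, wrap each use as `htmlspecialchars($match[1], ENT_QUOTES, 'UTF-8')`. The sandbox only helps in browsers that implement the attribute, so the host check is better repaired with an explicit `strpos(...) !== false` comparison than left as commented-out code.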